Ukraine, Gaza Wars Inspire DDoS Surge Against Finservs

Published: 23/11/2024   Category: security




Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.



Financial services organizations have faced nearly twice as many distributed denial of service (DDoS) attacks this year as any other industry, thanks in part to a rise in hacktivism.
According to a new report from Akamai, between Jan. 1 and June 30, there were nearly 3,000 Layer 3 and 4 DDoS attack events in the financial services sector (Layer 3 and 4 attacks occur at the network and transport layers of Internet communication). The next most-targeted industries — gaming, then high tech, then manufacturing — suffered around 1,000 to 1,500 events each.
A number of factors contribute to the sheer scale of the threat, experts say, including a general rise in DDoS across the board, a surge in hacktivist activity in association with high-profile geopolitical conflicts, emerging threats to application programming interfaces (APIs), and more.
"And at the end of the day, it's just easy. They don't have to find a vulnerability. They don't have to find that gap in your armor. They can just literally sit there and hit a button," says Richard Hummel, director of threat intelligence for Netscout.
On July 15, beginning at 10:05 a.m. local time, the full weight of a globally distributed botnet was turned against a major financial services company in Israel.
The vectors of attack were numerous: UDP flooding, UDP fragmentation, DNS reflection, PUSH and ACK floods, and more. At its peak, the flood of data registered at 789GB per second — equivalent to millions of documents, or hundreds of thousands of photos, streaming in with each passing moment.
The peak of the event lasted until around 1 p.m. local time, but activity persisted for around 24 hours. "This attack was very exceptional in terms of total duration," Akamai researchers wrote, after helping abate the attack. "This requires significant resources and is an indication of a very sophisticated aggressor."
Remarkably, despite that aggressor dedicating so much power to one attack, a number of other Israeli financial institutions experienced outages that same day, in what researchers assessed was likely a politically motivated campaign.
It wasn't the only politically motivated DDoS campaign that happened around this time, nor was it the worst. Those Israeli companies might have considered themselves lucky compared to a UAE bank, whose website was attacked by the pro-Palestinian group BlackMeta (aka DarkMeta). In a six-day romp, the group sent 10 waves of Web requests lasting between four and 20 hours each, averaging 4.5 million per second and peaking at 14.7 million.
DDoS has surged in correlation with the wars in Gaza and Ukraine, Akamai says, particularly against European banks with connections to Ukraine. Even if a financial institution doesn't consider itself political in any way, it nonetheless serves as a useful punching bag for hackers to achieve their dogmatic goals.
Being so central to, and interconnected with, wider society, attacks against finance tend to cause more harm and panic than those against other industries.
"Plus, more so than in the US, in European countries or Asian countries, oftentimes government and finance go hand-in-hand, so you will often see that adversaries will walk the stack of what they perceive as government-affiliated," Hummel explains.
As an example, he points to Moldova, a country with manifold conflicts with Russia. "Moldova has been hammered over and over for the past six, seven months now by NoName057 and various other groups. They started with government targets, but then they started looking at finance, at commercial banking, education, public transportation. It's a natural extension."
And as if DDoS weren't already easy enough, in Europe, it's become easier in recent years thanks to Payment Services Directive 2 (PSD2), which came into effect in January 2016. Among other things, the European Union (EU) directive required that financial services providers offer open APIs to third-party services.
PSD2 was designed to better integrate the EU payments market but, Akamai points out, it also widened the surface through which attackers could attack affected companies. APIs offer yet another opening for more sophisticated, application-layer DDoS attacks, particularly when they're poorly accounted for.
"What we're finding is that many financial institutions don't know the expanse of their API ecosystem," says Cheryl Chiodi, industry strategy manager for financial services at Akamai. "There could be developers that were working on a project and left what we call a rogue API, or shadow APIs that are connected to the network but aren't really doing anything. And the cybercriminal can find those entry points and use them to do their infiltration of the network."
In its report, Akamai noted sharp increases in DDoS attacks targeting APIs. For this reason, Chiodi urges financial services companies to perform API discovery. "That then opens up the aperture, the visibility, so that you know what the API ecosystem [in your organization] is in the first place," she says.
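
One way to start the API discovery described above, as an added example that is not from Akamai's report or the original article: compare the endpoints that actually answer in gateway access logs against the documented inventory. The log format, the paths and the `DOCUMENTED` inventory are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the documented API inventory, e.g. exported from OpenAPI specs.
DOCUMENTED = {
    ("GET", "/v1/accounts/{id}"),
    ("POST", "/v1/payments"),
    ("GET", "/v1/statements"),
}

# Constructed sample gateway log: "<ISO time> <client> <method> <path> <status>"
SAMPLE_LOG = """\
2024-07-15T10:05:01Z 198.51.100.7 GET /v1/accounts/1001 200
2024-07-15T10:05:01Z 198.51.100.8 GET /v1/accounts/2002?fields=balance 200
2024-07-15T10:05:02Z 203.0.113.9 POST /v1/payments 201
2024-07-15T10:05:02Z 203.0.113.9 GET /internal/debug/export 200
2024-07-15T10:05:03Z 203.0.113.9 GET /internal/debug/export 200
2024-07-15T10:05:03Z 192.0.2.44 POST /v0/accounts/77/transfer 200
2024-07-15T10:05:04Z 192.0.2.44 GET /v2/ping 404
garbage line
"""

LINE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3})$")
# Numeric or UUID-shaped path segments are treated as identifiers.
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}-[0-9a-fA-F-]{27})$")

def normalise(path):
    """Drop the query string and replace identifier segments with {id}."""
    path = path.split("?", 1)[0]
    parts = ["{id}" if ID_SEGMENT.match(p) else p for p in path.split("/")]
    return "/".join(parts)

def discover(log_text, documented):
    """Return (observed counts, undocumented live endpoints, unused documented ones)."""
    observed = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(5) == "404":
            continue  # malformed line, or nothing is served at that path
        observed[(m.group(3), normalise(m.group(4)))] += 1
    shadow = {ep: n for ep, n in observed.items() if ep not in documented}
    unused = documented - set(observed)
    return observed, shadow, unused

if __name__ == "__main__":
    observed, shadow, unused = discover(SAMPLE_LOG, DOCUMENTED)
    for (method, path), hits in sorted(shadow.items()):
        print(f"undocumented: {method} {path} ({hits} requests)")
```

Endpoints in `shadow` answer requests but appear in no specification, so they are the candidates to review for retirement or for the same rate limiting applied to documented APIs.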
